Deploying Nuxeo on OpenShift

Last September, Red Hat released OpenShift 3.3 Container Platform stepping up the game in the Platform as a Service (PaaS) solutions world. The OpenShift Container Platform is a PaaS built on Red Hat Enterprise Linux and Kubernetes that provides a cloud application platform for deploying new applications on secure, scalable resources with minimal configuration and management overhead. It comes with many cool features, such as an integrated Docker registry, pipelines, one click image deploy, a better UI, and more, which aim at making it the industry’s leading enterprise Kubernetes platform for running existing and cloud-native applications in any cloud. We are starting to see our customers and prospects who are interested in a PaaS approach for deploying their applications use OpenShift. So, we decided to take advantage of the OpenShift Platform as well and give it a try!

This exercise is a really simple one. I just want to have the Nuxeo Platform configured to run with MongoDB as fast as possible for development purposes. I will also show you how to install some marketplace packages in the process and configure an AWS EBS volume to be used by MongoDB as persistent storage to spice things up a little (Of course, for this one I will assume that you have OpenShift cluster running on AWS).

You have 2 options: You can download and use the OpenShift CLI client or just do (almost) everything from the UI. I will show you both options, but note that the UI is very limited in comparison to the client. Let’s take a look at the steps now.

1. Have OpenShift up and running Let’s move a little into the future (or 10 mins depending on which option you chose from the above) and assume that you have an OpenShift cluster up and running.

If you have the AWS cluster installation you can generate a token from the web console. Assuming that the cluster is deployed at openshift-master.io.nuxeo.com/ go to https://openshift-master.io.nuxeo.com/console/command-line and copy the generated token to login:$ oc login https://openshift-master.io.nuxeo.com --token=XXX

Now create a new project:

3. Set up an EBS volume (AWS Cluster) and deploy MongoDB

If you are running an OpenShift cluster on AWS only a cluster administrator can configure persistent volumes to be available for all projects. Then any application that needs external storage can automatically attach and use them.

Now you can just deploy a new MongoDB by clicking Add to project/ Browse Catalog and selecting the existing “mongodb-persistent” template as shown below (set all parameters to the value ”nuxeo” for convenience). Note that scaling to more than one replica is not supported with this template:

That’s it! MongoDB container is now up and running:

Let’s start Nuxeo too!

4. Build and run Nuxeo Docker image

By default, all containers that we launch within OpenShift are not allowed to use a root user within the container. We cannot simply run nuxeo:latest as this will fail because OpenShift will prevent the container from running as root. We can edit the security context to relax this constraint (follow the solution described here) or you can build a new Nuxeo image from my slightly modified Dockerfile that runs as the user ‘nuxeo’ instead of root.

You can directly pass the github repository and the environment variables and wait for the magic to happen, where OpenShift builds the docker image, pushes it to the internal registry, and starts the Nuxeo container.

As I want to start Nuxeo using the MongoDB template and also install the ‘nuxeo-web-ui’ marketplace package, I will create a new application and pass these as environment variables:

Or in the web console just click on Add to project, go to Deploy Image and put nuxeo:latest assuming that you have modified the security constraints if needed* and set the above environment variables.

Security constraints: If you are testing with the All-In-One OpenShift Origin VM, no need to do anything. You can already run any container as root. If you are on the AWS OpenShift HA Cluster installation and want to install the default nuxeo:latest Docker image, then execute the following:

$oc edit scc anyuid

And add to users: system:serviceaccount:$PROJECT:default #where $PROJECT is the name of your OS project

You can check the build of your new Docker image (that is now pushed into the internal registry):

Here’s the deployment:

Finally, here’s the running pod:

At this point we have both MongoDB and the Nuxeo Platform running:

The only thing left is to configure a route to access the Nuxeo Platform:

Voila! The Nuxeo Platform configured with a persistent MongoDB is running at: http://nuxeo-route-test-nuxeo.apps.io.nuxeo.com/ (This was the link to my test application and is just an example for you. If you can’t access this link now that means my test application has been removed and so you have to try it for yourself to see the result!)